@objectstack/rest 9.2.0 → 9.3.0

package/dist/index.cjs

@@ -871,6 +871,9 @@ var RestServer = class {
    */
   filterAppForUser(item, sysPerms) {
     if (!item || typeof item !== "object") return item;
+    if (item.hidden === true && !sysPerms.has("studio.access") && !sysPerms.has("setup.access")) {
+      return null;
+    }
     const reqApp = Array.isArray(item.requiredPermissions) ? item.requiredPermissions : [];
     if (reqApp.length > 0 && !reqApp.every((p) => sysPerms.has(p))) {
       return null;
@@ -1488,9 +1491,11 @@ var RestServer = class {
             const packageId = req.query?.package || void 0;
             const environmentId = isScoped ? req.params?.environmentId : void 0;
             const p = await this.resolveProtocol(environmentId, req);
+            const previewDrafts = typeof req.query?.preview === "string" && req.query.preview.toLowerCase() === "draft";
             const items = await p.getMetaItems({
               type: req.params.type,
               packageId,
+              ...previewDrafts ? { previewDrafts: true } : {},
               ...environmentId ? { environmentId } : {}
             });
             let visible = items;
@@ -1517,6 +1522,18 @@ var RestServer = class {
                 visible = Array.isArray(raw) ? filtered : { ...raw, items: filtered };
               }
             }
+            if (req.params.type === "doc" && req.query?.include !== "content") {
+              const raw = visible;
+              const list = Array.isArray(raw) ? raw : raw && typeof raw === "object" && Array.isArray(raw.items) ? raw.items : null;
+              if (list) {
+                const slim = list.map((it) => {
+                  if (!it || typeof it !== "object") return it;
+                  const { content: _content, ...rest } = it;
+                  return rest;
+                });
+                visible = Array.isArray(raw) ? slim : { ...raw, items: slim };
+              }
+            }
             const translated = await this.translateMetaItems(req, req.params.type, environmentId, visible);
             res.header("Vary", "Accept-Language");
             res.json(translated);
@@ -1578,7 +1595,8 @@ var RestServer = class {
             }
             const isAppType = req.params.type === "app";
             const isDraftRead = typeof req.query?.state === "string" && req.query.state.toLowerCase() === "draft";
-            if (metadata.enableCache && p.getMetaItemCached && !isAppType && !isDraftRead) {
+            const previewDrafts = typeof req.query?.preview === "string" && req.query.preview.toLowerCase() === "draft";
+            if (metadata.enableCache && p.getMetaItemCached && !isAppType && !isDraftRead && !previewDrafts) {
               const cacheRequest = {
                 ifNoneMatch: req.headers["if-none-match"],
                 ifModifiedSince: req.headers["if-modified-since"]
@@ -1617,7 +1635,8 @@ var RestServer = class {
                 type: req.params.type,
                 name: req.params.name,
                 packageId,
-                ...stateParam === "draft" ? { state: "draft" } : {}
+                ...stateParam === "draft" ? { state: "draft" } : {},
+                ...previewDrafts ? { previewDrafts: true } : {}
               });
               let visible = item;
               if (isAppType && item) {
@@ -3582,6 +3601,7 @@ var RestServer = class {
         [/^VALIDATION_FAILED/, 400, "VALIDATION_FAILED"],
         [/^DUPLICATE_REQUEST/, 409, "DUPLICATE_REQUEST"],
         [/^INVALID_STATE/, 409, "INVALID_STATE"],
+        [/^THROTTLED/, 429, "THROTTLED"],
         [/^FORBIDDEN/, 403, "FORBIDDEN"],
         [/^REQUEST_NOT_FOUND/, 404, "REQUEST_NOT_FOUND"]
       ];
@@ -3609,13 +3629,24 @@ var RestServer = class {
           const q = req.query ?? {};
           const rawApprover = q.approverId ?? q.approver_id;
           const approverIds = (Array.isArray(rawApprover) ? rawApprover : rawApprover != null ? [rawApprover] : []).flatMap((s) => String(s).split(",")).map((s) => s.trim()).filter(Boolean);
-          const rows = await svc.listRequests({
+          const limit = q.limit != null ? Number(q.limit) : void 0;
+          const offset = q.offset != null ? Number(q.offset) : void 0;
+          const listFilter = {
             object: q.object,
             recordId: q.recordId ?? q.record_id,
             status: q.status,
             approverId: approverIds.length ? approverIds : void 0,
-            submitterId: q.submitterId ?? q.submitter_id
-          }, context ?? {});
+            submitterId: q.submitterId ?? q.submitter_id,
+            q: typeof q.q === "string" ? q.q : void 0,
+            limit: Number.isFinite(limit) ? limit : void 0,
+            offset: Number.isFinite(offset) ? offset : void 0
+          };
+          const rows = await svc.listRequests(listFilter, context ?? {});
+          if (listFilter.limit != null && typeof svc.countRequests === "function") {
+            const total = await svc.countRequests(listFilter, context ?? {});
+            res.json({ data: rows, total });
+            return;
+          }
           res.json({ data: rows });
         } catch (error) {
           logError("[REST] List approval requests error:", error);
@@ -3708,6 +3739,63 @@ var RestServer = class {
       },
       metadata: { summary: "Recall (withdraw) an approval request", tags: ["approvals"] }
     });
+    const threadRoute = (action, invoke) => {
+      this.routeManager.register({
+        method: "POST",
+        path: `${dataPath}/approvals/requests/:id/${action}`,
+        handler: async (req, res) => {
+          try {
+            const environmentId = isScoped ? req.params?.environmentId : void 0;
+            const context = await this.resolveExecCtx(environmentId, req);
+            if (this.enforceAuth(req, res, context)) return;
+            const svc = await resolveService(environmentId);
+            if (!svc) return respond501(res);
+            const body = req.body ?? {};
+            try {
+              const out = await invoke(svc, req.params.id, body, context ?? {});
+              res.json(out);
+            } catch (err) {
+              if (handleApprovalError(res, err)) return;
+              throw err;
+            }
+          } catch (error) {
+            logError(`[REST] ${action} approval error:`, error);
+            res.status(500).json({ code: `APPROVAL_${action.toUpperCase().replace("-", "_")}_FAILED`, error: String(error?.message ?? error).slice(0, 500) });
+          }
+        },
+        metadata: { summary: `${action} on an approval request`, tags: ["approvals"] }
+      });
+    };
+    threadRoute("reassign", (svc, id, body, context) => {
+      if (typeof svc.reassign !== "function") throw new Error("VALIDATION_FAILED: reassign is not supported");
+      return svc.reassign(id, {
+        actorId: body.actorId ?? body.actor_id ?? context?.userId,
+        to: body.to,
+        from: body.from,
+        comment: body.comment
+      }, context);
+    });
+    threadRoute("remind", (svc, id, body, context) => {
+      if (typeof svc.remind !== "function") throw new Error("VALIDATION_FAILED: remind is not supported");
+      return svc.remind(id, {
+        actorId: body.actorId ?? body.actor_id ?? context?.userId,
+        comment: body.comment
+      }, context);
+    });
+    threadRoute("request-info", (svc, id, body, context) => {
+      if (typeof svc.requestInfo !== "function") throw new Error("VALIDATION_FAILED: request-info is not supported");
+      return svc.requestInfo(id, {
+        actorId: body.actorId ?? body.actor_id ?? context?.userId,
+        comment: body.comment
+      }, context);
+    });
+    threadRoute("comment", (svc, id, body, context) => {
+      if (typeof svc.comment !== "function") throw new Error("VALIDATION_FAILED: comment is not supported");
+      return svc.comment(id, {
+        actorId: body.actorId ?? body.actor_id ?? context?.userId,
+        comment: body.comment
+      }, context);
+    });
     this.routeManager.register({
       method: "GET",
       path: `${dataPath}/approvals/requests/:id/actions`,